Phishing: personal data theft

Phishing consists of using spoofed email messages, which appear to have been sent from a trusted source, to carry out fraud.

What is phishing?

Phishing involves sending emails that appear to come from reliable sources (such as banks) and that try to get users to reveal confidential banking information, which is then used fraudulently.

To do this, the messages usually include a link to spoofed web pages. Users believe they have reached a trusted website and enter the requested information, which in fact goes straight to the fraudsters.

The following image is a typical example of phishing:

The harmful effects of phishing are:

Theft of identity and users’ confidential details. This could result in financial losses for users and even prevent them from accessing their own accounts.

One particularly dangerous form of phishing is known as pharming. This involves modifying the domain name resolution system (DNS) to redirect users to false web pages.

Normally, when a user types an address into the browser, this is converted into a numeric IP address. This process is known as domain name resolution, and is normally performed by DNS servers.

However, there are types of malware designed to tamper with name resolution on the local computer itself, which is controlled by a file called HOSTS.

This file stores mappings from host names to IP addresses. So when a user enters the name of a website, the computer first consults the HOSTS file to see if an IP address is associated with that name; only if it finds none does it query the DNS server of the service provider.

Pharming involves manipulating the HOSTS file to redirect the domain names of trusted organizations, such as banks, to imitation websites, so that the attackers can collect the confidential information users enter on those websites.

Unlike phishing, pharming attacks are a continuous process: the altered HOSTS file remains on the computer, waiting for the user to access online banking services.
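As an added example that is not part of the original article, the following Python script parses a HOSTS file (a constructed sample is embedded, including a line of the kind a pharming infection leaves behind) and flags entries that redirect a trusted domain away from the local machine. The watched domain and the example address are assumptions.

```python
import ipaddress

# Constructed sample of a HOSTS file (not taken from any real machine).
# On Windows the real file is C:\Windows\System32\drivers\etc\hosts, on
# Unix-like systems /etc/hosts; both use the same "IP name [name...]" format.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
# line added by pharming malware (constructed example address and domain)
198.51.100.23   www.example-bank.com online.example-bank.com
"""

# Hypothetical watch list: domains of organizations whose customers are targeted.
WATCHED_DOMAINS = ("example-bank.com",)

def parse_hosts(text):
    """Return (ip, hostname) pairs from HOSTS text, skipping comments and blanks."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop trailing comments
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name.lower()) for name in names)
    return entries

def suspicious_entries(entries, watched=WATCHED_DOMAINS):
    """Flag entries that do not point at the local machine. Legitimate HOSTS
    lines on an end-user PC almost always map names to loopback; a watched
    banking domain mapped anywhere at all is a strong pharming indicator."""
    flagged = []
    for ip, name in entries:
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            flagged.append((ip, name, "unparseable address"))
            continue
        if any(name == d or name.endswith("." + d) for d in watched):
            flagged.append((ip, name, "watched domain overridden"))
        elif not (addr.is_loopback or addr.is_unspecified):
            flagged.append((ip, name, "non-loopback mapping"))
    return flagged

if __name__ == "__main__":
    for ip, name, reason in suspicious_entries(parse_hosts(SAMPLE_HOSTS)):
        print(f"{reason}: {name} -> {ip}")
```

To check a real machine, read the system HOSTS file at the path given in the comments and pass its contents to parse_hosts instead of the sample.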

How does it reach users?

Most phishing attacks consist of a spoofed email message that appears to have been sent from a bank or similar organization whose clients the attacker aims to deceive. This message contains links to one or more web pages that imitate all or part of the company's website, where victims are prompted to enter their personal details.

With respect to the relationship between spam and phishing, it is clear that by mass-mailing these fraudulent emails, cyber-crooks have a highly efficient means of capturing potential victims. In fact, email is generally the most widely-used channel for cyber-crooks to communicate with potential victims.

However, these types of crimes are not just channeled through email, and phishing can also be launched through SMS (smishing) or Voice over IP (vishing).

With smishing, users receive a text message urging them to access a link. This will lead them to the fraudulent website. In the case of vishing, users receive a call from someone claiming to represent their bank and asking them to verify a series of data.

How can you protect yourself?

To protect yourself, it is very important to have an up-to-date antivirus program installed that includes a spam filter. Any Panda Security solution will keep your inbox free from phishing messages. The following animation will help you to keep protected against phishing:

Below you will find a series of tips on how to reduce the risk of falling victim to phishing attacks:

Check the source of information received. Don't reply to any email message that asks for your personal or financial information.

If an email contains a link you want to visit, type the address into your browser yourself instead of clicking on the link.

Check that the web page you visit is a secure site. The web address must begin with https:// and a closed padlock must be displayed in the browser. Note that https:// only shows that the connection is encrypted, not that the site belongs to the organization it claims to be, so also check that the domain name shown in the address bar is the one you expect.